Exploit for Link Following in Ghost - CVE-2023-40028
A critical vulnerability, CVE-2023-40028, has been discovered in the Ghost Content Management System (CMS), allowing for arbitrary file reads due to improper file handling. A Proof of Concept (PoC) exploit, adapted by user 0xyassine, has been developed and tested in a controlled environment called "LinkVortex". This vulnerability poses a significant risk, potentially granting unauthorized access to sensitive server files. To mitigate this threat, Ghost CMS users are strongly advised to update to the latest version. The PoC script, written in Python, is intended for educational purposes only, and any unauthorized use is strictly prohibited. This discovery underscores the importance of regular software updates and vigilant security practices in content management systems.
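The title classes the flaw as link following. As an added example (not Ghost's code and not the PoC), the sketch below audits a content directory for symbolic links that resolve outside it, and refuses to serve a file through such a link. The directory layout, file names and function names are hypothetical and constructed for the demonstration.

```python
import os
import tempfile


def resolves_inside(root: str, path: str) -> bool:
    """True if path, with every symlink resolved, is still under root."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)
    return os.path.commonpath([real_root, real_path]) == real_root


def find_escaping_symlinks(root: str) -> list[str]:
    """Audit: relative paths of symlinks under root whose target leaves root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and not resolves_inside(root, full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def safe_read(root: str, rel_path: str) -> bytes:
    """Serve a file only if its resolved location stays inside root."""
    full = os.path.join(root, rel_path)
    if not resolves_inside(root, full):
        raise PermissionError(f"refusing to follow link out of {root}: {rel_path}")
    with open(full, "rb") as fh:
        return fh.read()


def demo() -> tuple:
    """Constructed layout: one real image, one symlink to a file outside root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "content")        # hypothetical content dir
        os.makedirs(os.path.join(root, "images"))
        secret = os.path.join(tmp, "secret.conf")  # stands in for a server file
        with open(secret, "w") as fh:
            fh.write("db_password=constructed\n")
        with open(os.path.join(root, "images", "ok.png"), "wb") as fh:
            fh.write(b"PNGDATA")
        os.symlink(secret, os.path.join(root, "images", "logo.png"))
        try:
            safe_read(root, "images/logo.png")
            blocked = False
        except PermissionError:
            blocked = True
        return find_escaping_symlinks(root), safe_read(root, "images/ok.png"), blocked
```

The check and the open are separate steps, so this suits auditing and serving from a directory that untrusted users cannot modify while a request is in flight.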